national security policy – SSL and internet security news

NIST Releases First Post-Quantum Encryption Algorithms

August 15, 2024 infossl

cryptography, encryption, national security policy, nist, quantum computing, security standards, Security technology, Uncategorized

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: … Read More “NIST Releases First Post-Quantum Encryption Algorithms” »

Problems with Georgia’s Voter Registration Portal

August 7, 2024 infossl

fraud, Georgia, identification, national security policy, Security technology, Uncategorized, voting

It’s possible to cancel other people’s voter registration: On Friday, four days after Georgia Democrats began warning that bad actors could abuse the state’s new online portal for canceling voter registrations, the Secretary of State’s Office acknowledged to ProPublica that it had identified multiple such attempts… …the portal suffered at least two security glitches that … Read More “Problems with Georgia’s Voter Registration Portal” »

On the CSRB’s Non-Investigation of the SolarWinds Attack

July 8, 2024 infossl

cyberattack, cyberespionage, dhs, microsoft, national security policy, russia, Security technology, Uncategorized

ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were directed by President Biden to do so. Powered by WPeMatico

The US Is Banning Kaspersky

June 26, 2024 infossl

antivirus, cyberespionage, espionage, national security policy, Security technology, Uncategorized

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—the first such action under authorities given to … Read More “The US Is Banning Kaspersky” »

Espionage with a Drone

June 6, 2024 infossl

drones, espionage, national security policy, photos, Security technology, Uncategorized

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone. Powered by WPeMatico

Microsoft and Security Incentives

April 23, 2024 infossl

cybersecurity, incentives, microsoft, national security policy, Security technology, Uncategorized

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue … Read More “Microsoft and Security Incentives” »

OpenAI Is Not Training on Your Dropbox Documents—Today

December 19, 2023 infossl

artificial intelligence, data collection, national security policy, Security technology, trust, Uncategorized

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t … Read More “OpenAI Is Not Training on Your Dropbox Documents—Today” »

Spying through Push Notifications

December 7, 2023 infossl

metadata, national security policy, privacy, Security technology, spyware, surveillance, transparency, Uncategorized

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this: In a statement, Apple said … Read More “Spying through Push Notifications” »

EPA Won’t Force Water Utilities to Audit Their Cybersecurity

October 24, 2023 infossl

cybersecurity, infrastructure, national security policy, Security technology, Uncategorized, utilities

The industry pushed back: Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could … Read More “EPA Won’t Force Water Utilities to Audit Their Cybersecurity” »

Child Exploitation and the Crypto Wars

October 23, 2023 infossl

child pornography, children, crypto wars, encryption, laws, national security policy, privacy, Security technology, surveillance, Uncategorized

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution. Powered by WPeMatico